Our previous articles on CMMC Level 1 certification focused on what organizations need to know when conducting self-assessments. These documents relied primarily on the fact that the contractor would do their assessments and reporting. 

With Level 2 certification, the game changes. Not only are nearly all assessments performed by C3PAOs, but their requirements expand nearly tenfold. That said, some basics of what to expect in the assessment remain the same. 

Here, we’re discussing the CIO’s guidance for Level 2 assessments. 

Read More

Our previous article discussed what it meant to scope your self-assessment while pursuing Level 1 Maturity under CMMC. This approach included identifying the boundaries of FCI-holding systems and comprehensively cataloging technology, people, and processes that play a part in that system. 

Here, we take the next step and cover CIO guidelines for performing your self-assessment. 

Read More

One of the more significant changes in the new CMMC 2.0 guidelines was the move from third-party to self-assessment at Level 1 maturity. At Level 1, contractors can perform a self-assessment rather than engage with a C3PAO, significantly reshaping their obligations and the associated costs and effort for compliance. 

Here, we’re covering the CIO’s guidance for organizations performing self-assessments, specifically how to scope their self-assessments for Level 1 maturity. 

Read More